Over 80% Of Breaches Still Result Of Poor Patch Management

Voke, inc., a modern analyst firm announced the publication of the new “Market Snapshot Report: Secure Operations Automation.” 

The new independent survey of 318 participants from companies of varying sizes globally, focuses on the need to operationalize security through secure operations automation practices and solutions; and explores real-world insights about IT patch and compliance, automation, and operations security.

Key findings in the report include:

• Percent of audit failures that occurred due to patches pending for various amounts of time (weeks to years).

• Percent of breaches that occurred due to patches pending for various amounts of time (weeks to years).

• Audit readiness ROI.

• Remediation productivity ROI.

• Remediation speed ROI.

While a plethora of security tools and solutions are in use, organizations still face a variety of security-related challenges including coordination of preventive measures between IT Security and IT Operations, patching security vulnerabilities, prevention of security breaches, and keeping up with evolving regulatory standards. The survey found that the automation of secure operations workflow is lacking, which leads to increased risk.

The goal of secure operations automation is to improve processes and technology to unite IT Security and IT Operations teams with more focus on collaboration and visibility. Secure operations automation allows the IT Operations team to take a more active role in IT security. While it is necessary for the two teams to remain independent, cooperation and collaboration are necessary to deliver better business outcomes.

“The emerging category of secure operations automation practices and technologies is being driven by the fact that basic security operations are still not effectively being executed on a consistent basis,” said Theresa Lanowitz, CEO, and founder of Voke. “By using secure operations automation practices and solutions, effective CIOs and CISOs are aiming to reduce the isolation and contention between these two valuable teams, and automate key security hygiene practices across their organizations.”

The survey found that organizations taking advantage of secure operations automation solutions and practices benefit from:

• Effective management of patch backlog.

• Improved audit readiness.

• Increased remediation productivity.

• Reduced open vulnerabilities.

• Reduced security breaches with pending patches.

“Operationalizing security is critical to protecting the brand from ongoing threats,” said Lisa Dronzek, COO of Voke. “While the latest malware or DDoS attack may gain more public interest, it’s the backlog of patches to resolve known vulnerabilities that is a key factor putting businesses at risk for audit failures and security breaches.”

Participants of the survey identified the following products (in alphabetical order by vendor) as being part of a secure operations automation solution.

• BMC BladeLogic Network Automation

• BMC BladeLogic Server Automation

• BMC Threat Director

• Chef InSpec

• Hewlett Packard Enterprise (HPE) Server Automation

• LANDESK Patch Manager

• IBM BigFix

• Mesosphere Enterprise DC/OS

• Microsoft System Center

• Puppet Enterprise

• Puppet Forge Modules

• Red Hat Ansible Tower

• ServiceNow Security Operations

• Tanium Endpoint Platform

• Tanium Patch

• Tanium Quarantine

• Tanium Trace

• Tripwire Configuration Compliance Manager

• VMware vRealize Configuration Manager

The report also provides assessment questions for organizations to leverage, to determine a company’s need and readiness for secure operations automation practices and solutions.